- Apache Tomcat permits '\', '%2F' and '%5C' as path delimiters. When Tomcat is used behind a proxy (including, but not limited to, Apache HTTP server with mod_proxy and mod_jk) configured to only proxy some contexts, a HTTP request containing strings like "/\../" may allow attackers to work around the context restriction of the proxy, and access the non-proxied contexts.
- Upgrade to Apache Tomcat 5.5.22/6.0.10 or newer.
- WordPress Plugin AskApache Firefox Adsense Cross-Site Request Forgery (3.0)
- WordPress Plugin Contact Form Clean and Simple Cross-Site Scripting (4.4.0)
- WordPress Plugin Smart Google Code Inserter Multiple Vulnerabilities (3.4)
- WordPress Plugin Active Directory Authentication Integration Cross-Site Scripting (0.6)
- WordPress Plugin Mingle Forum Multiple Cross-Site Scripting and SQL Injection Vulnerabilities (220.127.116.11)